Red-Database-Security GmbH is specialized in Oracle Security
Buffer Overflow in DBMS_REPCAT_INSTANTIATE in Oracle 9i
Details
Buffer Overflow in DBMS_REPCAT_INSTANTIATE. This package has EXECUTE permission granted to PUBLIC. Every database user can exploit this vulnerability and crash the database or execute arbitrary code. This vulnerability can be exploited via SQL Injection.

Workarounds
    REVOKE EXECUTE ON SYS.DBMS_REPCAT_INSTANTIATE FROM PUBLIC FORCE;

Example
    DECLARE
      mynum NUMBER;
    BEGIN
      mynum := DBMS_REPCAT_INSTANTIATE.INSTANTIATE_OFFLINE('longstring','');
    END;

or

    SELECT DBMS_REPCAT_INSTANTIATE.INSTANTIATE_ONLINE('longstring','') FROM Dual;

Patch Information
Revoke the grant or apply the latest Oracle Security patches (e.g. CPU April 2004).

© 2005 by Red-Database-Security GmbH - last update 02-nov-2005
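To check whether a database is still exposed and what the REVOKE workaround above would affect, the following queries can be run before and after applying it. This is an added example, not part of the original advisory; it assumes a session with SELECT access to the DBA_* dictionary views.

```sql
-- Added example (not from the advisory). Assumes access to the DBA_* views.

-- 1. Who may execute the package? After the workaround, PUBLIC must not
--    appear in this list; any remaining grantee should be a deliberate,
--    replication-related account.
SELECT grantee, privilege, grantable
  FROM dba_tab_privs
 WHERE owner      = 'SYS'
   AND table_name = 'DBMS_REPCAT_INSTANTIATE'
   AND privilege  = 'EXECUTE'
 ORDER BY grantee;

-- 2. Is there a public synonym that lets every user reach the package
--    without the SYS. prefix?
SELECT owner, synonym_name, table_owner, table_name
  FROM dba_synonyms
 WHERE table_owner = 'SYS'
   AND table_name  = 'DBMS_REPCAT_INSTANTIATE';

-- 3. Which non-SYS objects reference the package (directly or through the
--    public synonym)? These rely on the PUBLIC grant and can become INVALID
--    after the REVOKE unless their owner receives a direct grant.
SELECT owner, name, type, referenced_owner, referenced_type
  FROM dba_dependencies
 WHERE referenced_name  = 'DBMS_REPCAT_INSTANTIATE'
   AND referenced_owner IN ('SYS', 'PUBLIC')
   AND owner <> 'SYS'
 ORDER BY owner, name;

-- 4. After the REVOKE: confirm that none of the dependents found in
--    query 3 has been left invalid.
SELECT o.owner, o.object_name, o.object_type, o.status
  FROM dba_objects o
 WHERE o.status = 'INVALID'
   AND (o.owner, o.object_name) IN (
         SELECT d.owner, d.name
           FROM dba_dependencies d
          WHERE d.referenced_name  = 'DBMS_REPCAT_INSTANTIATE'
            AND d.referenced_owner IN ('SYS', 'PUBLIC'))
 ORDER BY o.owner, o.object_name;
```

An empty result from query 1 for grantee PUBLIC confirms the workaround is in place; rows from query 3 identify schemas that need a direct grant if they legitimately use the package.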